State obtains judgment in data breach affecting Plainville, Norfolk and Foxboro students

BOSTON — Attorney General Maura Healey has obtained a judgment against a Medicaid billing company following a computer data breach impacting students at 13 school districts, including Plainville, Norfolk and Foxboro.

Healey announced the consent judgment was filed in Suffolk Superior Court Wednesday against the New Hampshire-based Multi-State Billing Services, requiring the company to pay $100,000 and implement improved security practices.

The judgment comes after an investigation by the attorney general’s office that found that the company, also known as MSB, violated state consumer protection and data security laws and placed children at risk of identity theft and fraud, Healy’s office said.

The investigation started after MSB reported that a company laptop was stolen. According to the company, the laptop likely contained the unencrypted personal information, including their names, Social Security numbers, Medicaid identification numbers and the birth dates of some students, Healy’s office said.

“This settlement ensures that this company implements the necessary protections so this type of breach never happens again and sends a clear message about the importance of safeguarding the sensitive information of children and others,” Healey said.

At the time of the breach, MSB processed Medicaid billing information for public schools in Plainville and Norfolk and the Foxboro Regional Charter School.

Services the company performed included assisting in submitting Medicaid claims and processing student Medicaid eligibility determinations, according to the attorney general’s office.

According to the complaint filed by the Healey’s office, MSB did not comply with Massachusetts law that required it to take reasonable steps to safeguard the personal information from unauthorized access or use.

If you believe that you have been the victim of identity theft, you will need to take additional steps to protect your credit and your personal information.

For additional information, consumers may contact the Attorney General’s consumer hotline at (617) 727-8400, or view the Federal Trade Commission’s identity theft resource, available at www.consumer.gov/idtheft/. Guidance for businesses on data breaches can be found here.